Before starting this post, the team would like to thank all the contributions shared by the PowerShell community found on Reddit for their support on exploring PowerShell automation capabilities. The outpouring of suggestions and sharing of scripts was awesome and has resulted in another question asked for us as a community to address.
After reading the previous PowerShell Basics article, some from the ITPRO community have reached out inquiring how to force the sync of only passwords and not the entire contents of Active Directory. It appears the ask comes in light of troubleshooting Office 365 password sync issues. This post will focus on steps to address this via PowerShell.
Run PowerShell Force AzureAD Password Sync
Assign the local Active Directory $adConnector value and remember it is case sensitive:
$adConnector = "<insert local connector name here>"
Assign the AzureAD $aadConnector value and remember it is case sensitive:
$aadConnector = "<insert AzureAD connector name here>"
Install the AzureAD Sync module:
Create a new ForceFullPasswordSync configuration parameter object:
$c = Get-ADSyncConnector -Name $adConnector
Update the existing connector with the following new configuration. Remember to enter each line separately:
Synchronization of legacy password hashes to Azure AD may take some time and depend on directory size in terms of number of accounts and groups. Once completed, the passwords are synchronized to the to Azure AD followed by syncing to the Azure AD DS managed domain.